Merge pull request #20583 from poettering/pk-no-tty

some polkit agent tweaks
2025-03-31 14:50:15 +03:00 · 2021-08-31 13:45:04 +09:00 · 2021-08-31 13:45:04 +09:00 · fb6ba2521c
commit fb6ba2521c
parent fee1863c83 0bcf167900
4 changed files with 30 additions and 12 deletions
--- a/src/mount/mount-tool.c
+++ b/src/mount/mount-tool.c
@ -332,6 +332,9 @@ static int parse_argv(int argc, char *argv[]) {
                        assert_not_reached();
                }

+        if (arg_user)
+                arg_ask_password = false;
+
        if (arg_user && arg_transport != BUS_TRANSPORT_LOCAL)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                       "Execution in user context is not supported on non-local systems.");
--- a/src/run/run.c
+++ b/src/run/run.c
@ -507,6 +507,10 @@ static int parse_argv(int argc, char *argv[]) {
                        assert_not_reached();
                }

+        /* If we are talking to the per-user instance PolicyKit isn't going to help */
+        if (arg_user)
+                arg_ask_password = false;
+
        with_trigger = !!arg_path_property || !!arg_socket_property || arg_with_timer;

        /* currently, only single trigger (path, socket, timer) unit can be created simultaneously */
--- a/src/shared/exec-util.c
+++ b/src/shared/exec-util.c
@ -529,21 +529,27 @@ int fork_agent(const char *name, int except[], size_t n_except, pid_t *ret_pid,
                 * stdin around. */
                fd = open("/dev/tty", O_WRONLY);
                if (fd < 0) {
-                        log_error_errno(errno, "Failed to open /dev/tty: %m");
-                        _exit(EXIT_FAILURE);
-                }
+                        if (errno != -ENXIO) {
+                                log_error_errno(errno, "Failed to open /dev/tty: %m");
+                                _exit(EXIT_FAILURE);
+                        }

-                if (!stdout_is_tty && dup2(fd, STDOUT_FILENO) < 0) {
-                        log_error_errno(errno, "Failed to dup2 /dev/tty: %m");
-                        _exit(EXIT_FAILURE);
-                }
+                        /* If we get ENXIO here we have no controlling TTY even though stdout/stderr are
+                         * connected to a TTY. That's a weird setup, but let's handle it gracefully: let's
+                         * skip the forking of the agents, given the TTY setup is not in order. */
+                } else {
+                        if (!stdout_is_tty && dup2(fd, STDOUT_FILENO) < 0) {
+                                log_error_errno(errno, "Failed to dup2 /dev/tty: %m");
+                                _exit(EXIT_FAILURE);
+                        }

-                if (!stderr_is_tty && dup2(fd, STDERR_FILENO) < 0) {
-                        log_error_errno(errno, "Failed to dup2 /dev/tty: %m");
-                        _exit(EXIT_FAILURE);
-                }
+                        if (!stderr_is_tty && dup2(fd, STDERR_FILENO) < 0) {
+                                log_error_errno(errno, "Failed to dup2 /dev/tty: %m");
+                                _exit(EXIT_FAILURE);
+                        }

-                safe_close_above_stdio(fd);
+                        fd = safe_close_above_stdio(fd);
+                }
        }

        (void) rlimit_nofile_safe();
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@ -925,6 +925,11 @@ static int systemctl_parse_argv(int argc, char *argv[]) {
                        assert_not_reached();
                }

+        /* If we are in --user mode, there's no point in talking to PolicyKit or the infra to query system
+         * passwords */
+        if (arg_scope != UNIT_FILE_SYSTEM)
+                arg_ask_password = false;
+
        if (arg_transport == BUS_TRANSPORT_REMOTE && arg_scope != UNIT_FILE_SYSTEM)
                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                       "Cannot access user instance remotely.");